■ Remove link-layer-overhead from [ls-0/0/0 unit 0], if configured.
■ If the LFI forwarding class is mapped to no-fragmentation in fragmentation-map
and the configuration hierarchy is enabled on lsq-0/0/0 in JUNOS Release
10.1, then:
    ■ Add interleave-fragments under [ls-0/0/0 unit 0].
    ■ Adjust classifier configured for LFI on lsq-0/0/0 under [class-of-service]
    to classify packets to Q2.
If the aforementioned instructions are not followed, the bundle will be incorrectly
processed.
Interfaces and Routing
■ On SRX Series devices, to minimize the size of system logs, the default logging
level in the factory configuration has been changed from any any to any critical.
■ On SRX3000 and SRX5000 line devices, the set protocols bgp family inet flow and
set routing-options flow CLI statements are no longer available, because BGP flow
spec functionality is not supported on these devices.
■ On SRX100, SRX210, SRX240, and SRX650 devices, the autoinstallation
functionality on an interface enables a DHCP client on the interface and remains
in the DHCP client mode. In previous releases, after a certain period, the interface
changed from being a DHCP client to a DHCP server.
Intrusion Detection and Prevention (IDP)
■ On SRX5600 and SRX5800 devices, while running commands in IDP, ensure
that you provide the service field values for custom attack definitions in lowercase.
In the following example, the protocol service field value udp is specified in
lowercase:

    set security idp custom-attack temp severity info attack-type signature context packet direction any pattern .* protocol udp destination-port match equal value 1333
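
A pre-commit check for the lowercase requirement above, as an added example that is not from the release notes or from Juniper: it scans `set security idp custom-attack` lines and reports any value after the `protocol` keyword that is not lowercase. The function name, the sample configuration, and the choice of `protocol` as the checked keyword (taken from the example command above) are assumptions.

```python
import shlex

# Keyword whose value is checked; taken from the example command on this page.
SERVICE_KEYWORD = "protocol"
PREFIX = ["set", "security", "idp", "custom-attack"]

# Constructed sample configuration (not from a real device).
SAMPLE = """\
set security idp custom-attack temp severity info attack-type signature context packet direction any pattern .* protocol udp destination-port match equal value 1333
set security idp custom-attack temp2 severity info attack-type signature context packet direction any pattern .* protocol UDP destination-port match equal value 1333
set security idp custom-attack protocol severity info attack-type signature context packet direction any pattern .* protocol Tcp
set system host-name LAB
"""


def lint_custom_attacks(config_text):
    """Return (line_no, attack_name, value) for each non-lowercase value."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw)
        except ValueError:
            continue  # unbalanced quotes: not a line this check can judge
        if len(tokens) < 5 or tokens[:4] != PREFIX:
            continue  # not a custom-attack statement
        attack_name = tokens[4]
        # Scan only the statements after the attack name, so an attack
        # that happens to be named "protocol" is not misread as the keyword.
        rest = tokens[5:]
        for i, tok in enumerate(rest[:-1]):
            value = rest[i + 1]
            if tok == SERVICE_KEYWORD and value != value.lower():
                findings.append((line_no, attack_name, value))
    return findings


if __name__ == "__main__":
    for line_no, name, value in lint_custom_attacks(SAMPLE):
        print(f"line {line_no}: custom-attack {name}: "
              f"'{value}' should be '{value.lower()}'")
```
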
■ On SRX3400, SRX3600, SRX5600, and SRX5800 devices, for brute force and
time-binding-related attacks, logging is done only when the match count
is equal to the threshold. That is, only one log is generated within the 60-second
period in which the threshold is measured. This process prevents repetitive logs
from being generated and ensures consistency with other IDP platforms like
IDP-standalone.
■ On SRX Series and J Series devices, the IDP ip-action statement is now supported
on TCP, UDP, and ICMP flows. When the ip-action target is service, the ip-action
flow is applied if the traffic matches the values specified for protocol, destination
port, source address, and destination address. However, for ICMP flows, the
destination port is 0, so that any ICMP flow matching protocol, source address,
Changes In Default Behavior and Syntax in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services
Routers ■ 129